Skip to Content

A New Tool Plays Mind Reader With Your Passwords

Microsoft Research’s Telepathwords demonstrates how strong (or weak) your passwords are by guessing them as you type.
December 5, 2013

Not sure if “password1234” is the best password to keep intruders out of your e-mail account? A new online tool from Microsoft Research called Telepathwords can help you figure it out by guessing which character comes next as you type your password (although hopefuly you already know that particular phrase is a poor choice). The better Telepathwords is at guessing what you’ll type, the easier it will likely be for someone trying to attack your inbox or online bank account protected by that password.

Released Thursday, Telepathwords incorporates common known passwords and common phrases. According to a Microsoft news release, it was also tested by “several hundred” Microsoft employees in order to provide data on how people come up with passwords and to train Telepathwords to detect shoddy password-choosing habits that hackers would probably be aware of. It’s interesting that, rather than simply giving users a “strength” score, the team behind it wants to show you, step by step, how good or bad your password is. Telepathwords was built by security researcher Stuart Schechter and four others.

The site is simple to use: you type the first letter or number of any password into a box and watch Telepathwords make three guesses as to what the next character will be. I tried this with a few passwords, and found that it had a pretty good idea of what I was going to type. When you’re done typing in your password, you see a series of check- and x-marks above it, scoring which characters that Telepathwords could guess and which it couldn’t. Occasionally, I was admonished with warnings such as: “Replacing a predictable letter with a key that looks similar? Attackers also know to substitute l for i, so it does little to improve your password.”

The site does collect the characters you type, sending them to a Microsoft Research server in order to make guesses about what you’ll type next. It also keeps track of how you move your computer mouse and time of when you add or delete characters from your password. The site indicates this data is encrypted within your Web browser, and it may eventually be used for related research.

Keep Reading

Most Popular

Rendering of Waterfront Toronto project
Rendering of Waterfront Toronto project

Toronto wants to kill the smart city forever

The city wants to get right what Sidewalk Labs got so wrong.

Muhammad bin Salman funds anti-aging research
Muhammad bin Salman funds anti-aging research

Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging

The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.

Yann LeCun
Yann LeCun

Yann LeCun has a bold new vision for the future of AI

One of the godfathers of deep learning pulls together old ideas to sketch out a fresh path for AI, but raises as many questions as he answers.

images created by Google Imagen
images created by Google Imagen

The dark secret behind those cute AI-generated animal images

Google Brain has revealed its own image-making AI, called Imagen. But don't expect to see anything that isn't wholesome.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.